A workload generally refers to one or more applications running on a set of virtual machines wherein in a set may be one or more virtual machines. The attributes of a workload typically include availability, security and resource requirements. Allocation of a workload refers to a mapping of virtual machine (VM) instances that contain applications associated with a collection of hosts on a variety of networks. Currently, workload allocation does not consider compliance costs. With the introduction of new or additional cloud infrastructure assets, enterprises remain responsible for ensuring that application workloads remain in compliance with the appropriate regulations and standards. Enforcing compliance increases the burden of security administrators to deploy the appropriate set of controls at the appropriate physical and virtual infrastructure elements including computer hosts, networks and storage. Some compliance regulations may require deploying a set of controls at the platform, infrastructure and service levels.
Without control awareness, the cost to reallocate and/or scale a given workload is unpredictable. This unpredictability stifles the optimization of virtual data centers by means of moving workloads since regulations may require administrators to allocate a given workload to a virtual infrastructure element that implements security controls corresponding to the standards associated with the given workload. Since the management of these controls may be distributed through a variety of mechanisms, there is a need to automate and maintain a control deployment framework that is conscious of the set of controls associated with a given set of compliance regulations or standards.